Lucene search

WordfenceCVELIST:CVE-2021-34661

HistoryAug 09, 2021 - 12:23 p.m.

CVE-2021-34661 WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion

2021-08-0912:23:20

CWE-352

Wordfence

www.cve.org

cve-2021-34661

wordpress

cross-site request forgery

data deletion

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

EPSS

0.001

Percentile

21.6%

JSON

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the show_logs_section function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18.

CNA Affected

[
  {
    "product": "WP Fusion Lite",
    "vendor": "Very Good Plugins",
    "versions": [
      {
        "lessThanOrEqual": "3.37.18",
        "status": "affected",
        "version": "3.37.18",
        "versionType": "custom"
      }
    ]
  }
]

References

plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302

www.wordfence.com/vulnerability-advisories/#CVE-2021-34661

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

EPSS

0.001

Percentile

21.6%

JSON

Related for CVELIST:CVE-2021-34661